Description
Multiple SQL injection vulnerabilities in the Huge-IT Slider (slider-image) plugin before 2.7.0 for WordPress allow remote administrators to execute arbitrary SQL commands via the removeslide parameter in a popup_posts or edit_cat action in the sliders_huge_it_slider page to wp-admin/admin.php.
References
- Exploit, Third Party Advisory, VDB Entry
- Not Applicable, Third Party Advisory, VDB Entry
- https://wordpress.org/support/topic/huge-it-slider-security-vulnerability-notification-sql-injection (Third Party Advisory)
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 2.7.0 (exclusive)
Both of the following
cpe:2.3:a:huge-it:huge-it_slider:*:*:*:*:*:wordpress:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
EPSS: 0.03168 (Low)
Percentile: 87%
CVSS3: 7.2 High
CVSS2: 6.5 Medium
Weaknesses
CWE-89
Related vulnerabilities
github
more than 3 years ago
Multiple SQL injection vulnerabilities in the Huge-IT Slider (slider-image) plugin before 2.7.0 for WordPress allow remote administrators to execute arbitrary SQL commands via the removeslide parameter in a popup_posts or edit_cat action in the sliders_huge_it_slider page to wp-admin/admin.php.
EPSS: 0.03168 (Low)
Percentile: 87%
CVSS3: 7.2 High
CVSS2: 6.5 Medium
Weaknesses
CWE-89